Control: forwarded -1 https://github.com/varietywalls/variety/issues/198
Hi Damyan, I've copied this upstream, thanks for spotting this. Best, James On 2019-07-09 9:43 a.m., Damyan Ivanov wrote: > Package: variety > Version: 0.7.1-2 > Severity: important > Tags: upstream > > Hi, > > Thank you for packaging variety. It is a very nice program and does its work > smoothly. > > Sadly, it contains code which attempts to load "options" from a remove server > without user's consent. See [1] and [2]. > > [1] > https://sources.debian.org/src/variety/0.7.1-2/variety/VarietyWindow.py/?hl=81#L609 > [2] > https://sources.debian.org/src/variety/0.7.1-2/variety/VarietyWindow.py/?hl=81#L932 > > I'll prepare a merge request that removes the start of the background thread > which does the fetch. Variety works just fine without it. > > > Thanks for considering, > Damyan > > -- System Information: > Debian Release: 10.0 > APT prefers unstable-debug > APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), > (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) > Kernel taint flags: TAINT_OOT_MODULE > Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), > LANGUAGE=bg_BG.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages variety depends on: > ii gir1.2-gdkpixbuf-2.0 2.38.1+dfsg-1 > ii gir1.2-gexiv2-0.10 0.10.9-1 > ii gir1.2-glib-2.0 1.58.3-2 > ii gir1.2-gtk-3.0 3.24.5-1 > ii gir1.2-notify-0.7 0.7.7-4 > ii gir1.2-pango-1.0 1.42.4-6 > ii imagemagick 8:6.9.10.23+dfsg-2.1 > ii imagemagick-6.q16 [imagemagick] 8:6.9.10.23+dfsg-2.1 > ii python3 3.7.3-1 > ii python3-bs4 4.7.1-1 > ii python3-cairo 1.16.2-1+b1 > ii python3-configobj 5.0.6-3 > ii python3-dbus 1.2.8-3 > ii python3-gi 3.30.4-1 > ii python3-gi-cairo 3.30.4-1 > ii python3-lxml 4.3.3-2 > ii python3-pil 5.4.1-2 > ii python3-pkg-resources 41.0.1-1 > ii python3-requests 2.21.0-1 > > Versions of packages variety recommends: > ii gir1.2-appindicator3-0.1 0.4.92-7 > ii python3-httplib2 0.11.3-2 > > Versions of packages variety suggests: > pn feh | nitrogen <none> > ii gnome-shell-extension-appindicator 22-1 > > -- no debconf information >
signature.asc
Description: OpenPGP digital signature